# Block OpenVPN transfer networks
/sbin/iptables -N OVPNBLOCK
- for i in INPUT FORWARD OUTPUT; do
+ for i in INPUT FORWARD; do
/sbin/iptables -A ${i} -j OVPNBLOCK
done
/sbin/iptables -N WIRELESSFORWARD
/sbin/iptables -A FORWARD -m conntrack --ctstate NEW -j WIRELESSFORWARD
+ # OpenVPN
+ /sbin/iptables -N OVPNINPUT
+ /sbin/iptables -A INPUT -j OVPNINPUT
+
# TOR
/sbin/iptables -N TOR_INPUT
/sbin/iptables -A INPUT -j TOR_INPUT
/sbin/iptables -N FORWARDFW
/sbin/iptables -A FORWARD -j FORWARDFW
+ # SNAT rules
+ /sbin/iptables -t nat -N NAT_SOURCE
+ /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
+
# RED chain, used for the red interface
/sbin/iptables -N REDINPUT
/sbin/iptables -A INPUT -j REDINPUT
/sbin/iptables -t nat -N NAT_DESTINATION
/sbin/iptables -t nat -A PREROUTING -j NAT_DESTINATION
- # SNAT rules
- /sbin/iptables -t nat -N NAT_SOURCE
- /sbin/iptables -t nat -A POSTROUTING -j NAT_SOURCE
-
# upnp chain for our upnp daemon
/sbin/iptables -t nat -N UPNPFW
/sbin/iptables -t nat -A PREROUTING -j UPNPFW
/etc/sysconfig/firewall.local start
fi
- # run openvpn
- /usr/local/bin/openvpnctrl --create-chains-and-rules
+ # Apply OpenVPN firewall rules
+ /usr/local/bin/openvpnctrl --firewall-rules
# run wirelessctrl
/usr/local/bin/wirelessctrl
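Review bot: Dropping OUTPUT from the OVPNBLOCK loop (the `for i in INPUT FORWARD; do` line) means locally originated packets toward the OpenVPN transfer networks are no longer filtered, and nothing in the hunk says why; a one-line comment above the loop such as `# OVPNBLOCK is not hooked into OUTPUT: locally generated traffic to the transfer nets is intentionally allowed` would keep the next reader from re-adding it. The new OVPNINPUT chain is appended to INPUT after OVPNBLOCK, so whatever `openvpnctrl --firewall-rules` later puts into OVPNINPUT only sees traffic that OVPNBLOCK did not already drop — presumably intended, but worth stating next to `/sbin/iptables -A INPUT -j OVPNINPUT`. The chain is created here but populated only at the bottom by `openvpnctrl --firewall-rules`; if that helper is also invoked on its own (e.g. on VPN restart) it appears to depend on this script having created OVPNINPUT first, which the comment `# OpenVPN` could mention. The enclosing `if` block closes at `fi` inside the hunk but opens outside it.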